An error occurred:

Check: SRG-OS-000373-GPOS-00158

General Purpose Operating System SRG: SRG-OS-000373-GPOS-00158 (in version v3 r2)

Title

The operating system must require users to reauthenticate when changing authenticators. (Cat II impact)

Discussion

Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to change user authenticators, it is critical the user reauthenticate.

Check Content

Verify the operating system requires users to reauthenticate when changing authenticators. If it does not, this is a finding.

Fix Text

Configure the operating system to require users to reauthenticate when changing authenticators.

Additional Identifiers

Rule ID: SV-203725r1050791_rule

Vulnerability ID: V-203725

Group Title: SRG-OS-000373

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-002038

The organization requires users to reauthenticate upon organization-defined circumstances or situations requiring reauthentication.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
IA-11

Re-authentication